Reports are now popping up in my technology news feed that a database containing information from over 700 million LinkedIn members is now available for purchase on the dark web. Unlike some of the other information dumps that have made headlines recently, this one doesn’t contain passwords or other sensitive information, but it does contain the information that LinkedIn members typical put in their profiles, including phone numbers, addresses (mail and email), job and education history as well as whether or not a particular member might be looking for a job. According to LinkedIn and which other sources seem to corroborate, this isn’t actually a data breach, but what is known as an “information scrape” which is shorthand for a database built by reading and indexing information that is readily available on the web. Keep in mind, “readily available” does not necessarily mean authorized use, especially when it is gathered and put on sale by someone not LinkedIn.
What does this mean for you?
Even if you aren’t on LinkedIn, if you do any sort of business that requires to you interact with others via the internet, you should be aware of why these types of databases are still considered a significant security risk, and I can sum it up in one word: Phishing. One of the most common tactics in use now by phishers is leveraging data gathered in these databases to build and send fake emails that contain enough real information to trick even the most savvy email veteran. Especially vulnerable are the millions of job seekers who use LinkedIn everyday to contact plenty of people they don’t know directly, and have to rely on information found on the website. Cybercriminals are using this particular weakness to infect job seekers with trojans as part of a fake employment application, which can then lead to identity theft, extortion and a definite disruption in the job seeking process. In the end, there isn’t much you can do about this except the following:
- Set up 2-factor authentication on all your important accounts, especially email.
- Back up your important data. Cloud-based backups are best.
- Make sure you are running malware protection on your computer.
- Make sure your network (home and work) is protected by a proper firewall.
- Establish freezes on all your major credit reporting identities via these websites: Experian. TransUnion. EquiFax.
- Never trust an email link, especially one that seems to ask for a password right off the bat. Always call and verify.
America’s biggest bank JP Morgan Chase announced last week that it was the latest victim of a major security breach. According to their regulatory filing, data from nearly 80 million customers was exposed in a successful hacking attempt earlier this year. Though the bank was quick to emphasize that our money and most sensitive bits of info such as dates of birth, social security, passwords and IDs weren’t stolen, names, addresses, emails and phone numbers were – all which could be used to facilitate an identity theft, but which aren’t considered protected or sensitive in most cases. While it’s troubling that the country’s number one bank got hacked, what’s even more worrying is that the media, the public, and even Wall Street seemed to shrug it off and carry on.
What this means for you:
Americans seem to be developing what some analysts are dubbing data breach fatigue: everytime we look up, yet another high-profile company or livelihood staple has been hacked. The list reads like a modern family’s honey-do list: Target, Home Depot, Neiman Marcus, EBay, UPS, Apple, Nintendo, Sony, Albertsons, SuperValu, CHS, etc. There have been nearly 600 data breaches reported this year, up 27% over last year, and we aren’t even done with 2014. Fortunately, only a small percentage of the total population have been negatively impacted in a signficant way, though most of us have probably had one or more credit cards get canceled and replaced for fraudulent activity. What this is leading to is the general perception that these data breaches are “bad” only in a vaguely annoying way, and there is not much that an average person can do to protect themselves, “Heck, if JP Morgan can’t figure out how to keep the hackers at bay, how can I ever stand a chance?”
While it’s true you can’t stop JP Morgan from getting hacked, you can make it harder for cybercriminals to hack you: don’t give in to the fatigue – make them fight for every bit they try to steal from you. Change your passwords regularly, and use unique passwords for your important accounts. Keep a close eye on your credit card statements and your credit history. Make sure your all computers you use have up-to-date and functioning antivirus software. Avoid email attachments and unfamiliar websites. What was once considered “paranoia-level” precautions are the new standard of online safety. Considering that nearly half of Americans adults have had some form of their personal data stolen through an online breach, it’s safe to say that “they” are out to get you – paranoia or not.
Supermarket chains Supervalu, Albertons and Jewel-Osco have joined the illustrious list of large retailers hacked (presumably) for their vast datastores of shopper identities and credit card information. Investigation is still ongoing in both cases as to whether hackers actually managed to retrieve shopper data during the breaches, and whether the data is being used illegally elsewhere. Though the details of the hacks have not been revealed, security analysts are speculating that the hackers probably compromised point-of-sale machines, similar to the attacks that breached Target in 2013.
What this means for you:
As you can imagine, based upon the difficulties of trying to secure your own personal devices, securing a large network of heavily used and highly exposed computers is tricky business. Even the slightest misstep can lead to cybercriminals pouncing on you like a pack of wild hyenas. Large chains like the ones affected above are continuously under attack from multiple vectors primarily because of the type of data hackers absolutely know they have. The best way to descibe the current war between corporate enterprise and cybercriminals would be that of a siege, with the “good guys” turtling up behind walls that being hammered on relentlessly. And as in any siege, even the smallest breach of that wall can lead to a complete razing of the besieged. Unfortunately, the good guys are struggling to innovate as fast as the bad guys who are heavily invested in winning these types of battles, as the stakes can result in huge payoffs in stolen credentials.
As mentioned, none of the supermarket chains have verified that data has been stolen, but if you happen to shop at any of the listed establishments with your credit card, you may want to consider having your credit card company issue you a new number.